#! /bin/bash
# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
# wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
# wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
# chmod +x cfssl* && mv cfssl* /usr/local/bin/
##################################### 签证 ###########################################
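# Fail fast: abort on any error, on unset variables, and on a failed stage of
# a pipeline. The latter matters for the `cfssl ... | cfssljson` pipelines
# below, where a cfssl failure would otherwise be masked by cfssljson's status.
set -euo pipefail
# All generated material (CA, private keys, certificates, CSR/config JSON)
# is written under ./ssl relative to the directory the script was started in.
BASEPATH=$(pwd)
SSL=${BASEPATH}/ssl
# Create the output directory and enter it. `cd` is checked explicitly: under
# `set -e` a failure in `mkdir && cd` does not abort the script, and every
# file written afterwards would silently land in the current directory.
mkdir -p -- "$SSL"
cd "$SSL" || { printf 'cannot cd to %s\n' "$SSL" >&2; exit 1; }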

#####################################生成证书请求文件##################################
# cfssl signing configuration used by gencert (-config=ca-config.json).
# Three profiles are declared, differing only in key usage:
#   peer   - server auth + client auth (both sides of a mutual-TLS link)
#   server - server auth only
#   client - client auth only
# Every profile, and the default, uses an expiry of 87600h (about ten years);
# certificates issued here are therefore long-lived and only revocable by
# rotating the CA. The delimiter is quoted because the content contains no
# shell expansions and must be written verbatim.
cat > ca-config.json <<'EOF'
{
  "signing": {
      "default": {
          "expiry": "87600h"
        },
      "profiles": {
          "peer": {
              "usages": [
                  "signing",
                  "key encipherment",
                  "server auth",
                  "client auth"
              ],
              "expiry": "87600h"
          },
          "server": {
              "usages": [
                  "signing",
                  "key encipherment",
                  "server auth"
              ],
              "expiry": "87600h"
          },
          "client": {
              "usages": [
                  "signing",
                  "key encipherment",
                  "client auth"
              ],
              "expiry": "87600h"
          }
      }
  }
}
EOF
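#######################################
# Create a self-signed CA from a cfssl CSR spec.
# Example: genca ca-csr.json ca   -> ca.pem and ca-key.pem in the current dir
# Arguments: $1 - CSR JSON file passed to `cfssl gencert -initca`
#            $2 - output file prefix passed to `cfssljson -bare`
# Outputs:   cfssl/cfssljson diagnostics on stderr
# Returns:   1 on a usage error or an unreadable CSR file; otherwise the
#            status of the cfssl | cfssljson pipeline
#######################################
genca() {
  if (( $# != 2 )); then
    printf 'usage: genca <csr.json> <output-prefix>\n' >&2
    return 1
  fi
  local csr=$1
  local prefix=$2
  # Check the input up front so a typo in the CSR path fails with a clear
  # message instead of a cfssl error buried in the pipeline.
  if [[ ! -r "$csr" ]]; then
    printf 'genca: cannot read CSR file %s\n' "$csr" >&2
    return 1
  fi
  # NOTE(review): the CA private key (<prefix>-key.pem) is written by
  # cfssljson; confirm its file mode is restrictive in the target environment.
  cfssl gencert -initca "$csr" | cfssljson -bare "$prefix"
}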
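#######################################
# Issue a server, peer or client certificate signed by the CA.
# Example: gencert server ca.pem ca-key.pem server
#          -> reads server-csr.json, writes server.pem and server-key.pem
# The signing configuration is fixed to ./ca-config.json (written above);
# the profile must be one declared there (peer, server or client).
# Arguments: $1 - cfssl profile name
#            $2 - CA certificate (PEM)
#            $3 - CA private key (PEM)
#            $4 - name: CSR is read from <name>-csr.json and output files
#                 are written with prefix <name>
# Outputs:   cfssl/cfssljson diagnostics on stderr
# Returns:   1 on a usage error or an unreadable input file; otherwise the
#            status of the cfssl | cfssljson pipeline
#######################################
gencert() {
  if (( $# != 4 )); then
    printf 'usage: gencert <peer|server|client> <ca.pem> <ca-key.pem> <name>\n' >&2
    return 1
  fi
  local profile=$1
  local ca_cert=$2
  local ca_key=$3
  local name=$4
  local csr="${name}-csr.json"
  local config=ca-config.json
  # Validate every input file first: a missing CA key or CSR should fail
  # with a clear message rather than a cfssl error inside the pipeline.
  local f
  for f in "$ca_cert" "$ca_key" "$config" "$csr"; do
    if [[ ! -r "$f" ]]; then
      printf 'gencert: cannot read %s\n' "$f" >&2
      return 1
    fi
  done
  cfssl gencert -ca="$ca_cert" -ca-key="$ca_key" -config="$config" \
    -profile="$profile" "$csr" | cfssljson -bare "$name"
}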
# 1.kubernetets集群组件ca证书请求文件
# CSR spec for the cluster CA (consumed by genca). The key is RSA 2048.
# "CN" is left as the literal text "公网ip" ("public IP"); cfssl uses it
# verbatim, so the CA's subject will carry that placeholder unless the value
# is edited before running. The delimiter is quoted: the content has no
# shell expansions and is written exactly as shown.
cat > ca-csr.json <<'EOF'
{
  "CN": "公网ip",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shaanxi",
      "L": "xian",
      "O": "GlobalSign RULTR",
      "OU": "System"
    }
  ]
}
EOF
## Create certificates
# 1. Create the CA certificate: reads ca-csr.json (written above) and
#    produces ca.pem / ca-key.pem, which the server step below signs with.
genca ca-csr.json ca

#####################################生成证书请求文件##################################
# CSR spec for the apiserver's server certificate (consumed by gencert).
# "hosts" is the list cfssl places in the certificate's subject alternative
# names: loopback plus two fixed addresses. "CN" is the literal placeholder
# text "公网ip" ("public IP") and is used verbatim unless edited. The
# delimiter is quoted: the content has no shell expansions.
cat > server-csr.json <<'EOF'
{
    "CN": "公网ip",
    "hosts": [
      "127.0.0.1",
      "192.168.0.209",
      "182.160.15.19"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "shaanxi",
            "L": "xian",
            "O": "GlobalSign RULTR",
            "OU": "System"
        }
    ]
}
EOF
## Create certificates
# 1. Create the apiserver server certificate: signs server-csr.json with the
#    CA produced by genca, using the "server" profile from ca-config.json
#    (server auth only, no client auth); outputs server.pem / server-key.pem.
gencert server ca.pem  ca-key.pem  server
